Do not permit open/delegated teams to subscribe to private bugs

Bug #878531 reported by Curtis Hovey
Affects: Launchpad itself
Status: Fix Released
Importance: High
Assigned to: j.c.sackett

Bug Description

A review of data revealed that there were/are open or delegated teams subscribed to private bugs. 95% of the affected bugs are unwanted: duplicates, invalid, wontfix, expired, questions, tests. This issue does not appear to have been the cause of a serious compromise; they are more often accidental subscriptions that users do not want to see.

SELECT distinct
    product, productseries, distribution, distroseries, bs.bug, t.name
FROM person t
    JOIN bugsubscription bs ON bs.person = t.id
    JOIN bug ON bug.id = bs.bug
    JOIN bugtask ON bugtask.bug = bug.id
WHERE
    bug.private
    AND t.subscriptionpolicy IN (2, 4)
ORDER BY t.name, product, productseries, distribution, distroseries;

Lp must ensure that open teams cannot subscribe to private bugs or be assigned private bugs.
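
The rule stated above, sketched as an added example (not Launchpad's code): a guard on subscription and assignment, plus a simplified form of the audit query without the bugtask join, run against a constructed in-memory SQLite schema. Table and column names follow the page's query; the `assignee` column, policy value 1, the function names and the sample rows are assumptions.

```python
import sqlite3

# Policy values 2 and 4 come from the page's query (open/delegated teams).
# Value 1 for a closed team is a constructed placeholder.
OPEN_POLICIES = (2, 4)

SCHEMA = """
CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, subscriptionpolicy INTEGER);
CREATE TABLE bug (id INTEGER PRIMARY KEY, private BOOLEAN, assignee INTEGER);
CREATE TABLE bugsubscription (person INTEGER, bug INTEGER);
"""

class OpenTeamOnPrivateBug(Exception):
    """Raised when an open/delegated team would gain access to a private bug."""

def _check(db, person_id, bug_id):
    # Refuse the link when the bug is private and the team is open/delegated.
    private = db.execute("SELECT private FROM bug WHERE id = ?", (bug_id,)).fetchone()[0]
    policy = db.execute("SELECT subscriptionpolicy FROM person WHERE id = ?",
                        (person_id,)).fetchone()[0]
    if private and policy in OPEN_POLICIES:
        raise OpenTeamOnPrivateBug(f"person {person_id} on private bug {bug_id}")

def subscribe(db, person_id, bug_id):
    _check(db, person_id, bug_id)
    db.execute("INSERT INTO bugsubscription VALUES (?, ?)", (person_id, bug_id))

def assign(db, person_id, bug_id):
    _check(db, person_id, bug_id)
    db.execute("UPDATE bug SET assignee = ? WHERE id = ?", (person_id, bug_id))

def audit(db):
    """Existing violations: open/delegated teams subscribed to private bugs."""
    return db.execute(
        "SELECT DISTINCT bs.bug, t.name FROM person t "
        "JOIN bugsubscription bs ON bs.person = t.id "
        "JOIN bug ON bug.id = bs.bug "
        "WHERE bug.private AND t.subscriptionpolicy IN (2, 4) "
        "ORDER BY t.name, bs.bug").fetchall()

def demo():
    """Constructed data: three teams, one private bug, one public bug."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO person VALUES (?, ?, ?)",
                   [(1, "closed-team", 1), (2, "open-team", 2), (3, "delegated-team", 4)])
    db.executemany("INSERT INTO bug VALUES (?, ?, NULL)", [(10, 1), (11, 0)])
    # Legacy row written before the guard existed; the audit must still find it.
    db.execute("INSERT INTO bugsubscription VALUES (3, 10)")
    return db
```

The guard only blocks new links; rows that predate it, like the constructed legacy subscription, still have to be found with the audit query and removed.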

Curtis Hovey (sinzui)
summary: - do not permit open/delegated teams to subscribe to private bugs
+ Do not permit open/delegated teams to subscribe to private bugs
j.c.sackett (jcsackett)
Changed in launchpad:
assignee: nobody → j.c.sackett (jcsackett)
j.c.sackett (jcsackett)
Changed in launchpad:
status: Triaged → In Progress
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
j.c.sackett (jcsackett)
Changed in launchpad:
status: Fix Committed → In Progress
tags: added: qa-ok
removed: qa-needstesting
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
removed: qa-ok
Changed in launchpad:
status: In Progress → Fix Committed
j.c.sackett (jcsackett)
tags: added: qa-ok
removed: qa-needstesting
William Grant (wgrant)
Changed in launchpad:
status: Fix Committed → Fix Released
William Grant (wgrant)
visibility: private → public
This report contains Public Security information  
Everyone can see this security related information.
